gsk_attribute_get_numeric_value()--Get numeric information about a secure
session or an SSL environment
Syntax
#include <gskssl.h>
int gsk_attribute_get_numeric_value(gsk_handle my_gsk_handle,
                                    GSK_NUM_ID numID,
                                    int *numValue);
Service Program Name: QSYS/QSOSSLSR
Default Public Authority: *USE
Threadsafe: Yes
The gsk_attribute_get_numeric_value() function is used to
obtain specific numeric information about a secure session or an SSL
environment.
Parameters
my_gsk_handle (Input)
Indicates one of the following handles:
The handle for the secure session. (my_session_handle)
The handle for the SSL environment. (my_env_handle)
numID (Input)
The following values can be used to retrieve information about the secure
session or the SSL environment that is either defaulted or explicitly set:
GSK_FD (300) - numValue is a socket descriptor to
be used for this secure session.
GSK_V2_SESSION_TIMEOUT (301) - SSL Version 2 session
time-out for the environment. numValue must be in the range 0-100
seconds.
GSK_V3_SESSION_TIMEOUT (302) - SSL Version 3 and TLS
version 1.x session time-out for the environment. numValue must be in
the range 0-86400 seconds.
GSK_OS400_READ_TIMEOUT (6993) - The receive time-out for
the secure session or the SSL environment.
GSK_CERTIFICATE_VALIDATION_CODE (6996) - The certificate
validation return code for the local or peer certificate.
GSK_HANDSHAKE_TIMEOUT (6998) - SSL handshake time-out for
the secure session or the SSL environment.
GSK_OCSP_MAX_RESPONSE_SIZE (315) - numValue is
the maximum response size in bytes that will be accepted from the Online
Certificate Status Protocol (OCSP) responder. When the response size is
greater, the response is rejected.
GSK_OCSP_TIMEOUT (318) - numValue is the receive
timeout in seconds to wait for a response from the OCSP responder. This
value should be less than or equal to the value for GSK_HANDSHAKE_TIMEOUT as
that setting applies to the entire handshake wait time.
(Note: The default for GSK_HANDSHAKE_TIMEOUT is to wait forever.)
GSK_OCSP_NONCE_SIZE (324) - numValue is the size
in bytes of the OCSP nonce that will be generated, if a nonce is to be
generated. Setting this value greater than 512 will result in
the value being set to 512.
GSK_OCSP_CLIENT_CACHE_SIZE (326) - numValue
indicates if OCSP response caching is enabled for the SSL environment. The
default value is 1, indicating this SSL environment will both create cache
entries and use cache entries in the System SSL system level OCSP response
cache. A value of 0 disables both cache creates and cache lookups for the
SSL environment. The System SSL system level cache size is unlimited.
GSK_OCSP_PROXY_SERVER_PORT (312) - numValue is
the port of the proxy server to which OCSP requests will be sent if
GSK_OCSP_PROXY_SERVER_NAME is set.
GSK_LAST_VALIDATION_ERROR (311) - Additional information
about the last certificate validation error on the current secure session.
If gsk_secure_soc_init() or
gsk_secure_soc_startInit() returned an
error, this attribute may provide additional error information. While not an
exhaustive list, most possible error code values are listed in
"gskssl.h".
GSK_SSL_EXTN_MAXFRAGMENT_SIZE (321) - numValue is
the client secure session's preferred SSL fragment size. The fragment size
is negotiated with the server using an optional TLS extension. System
SSL will send the maximum fragmentation length extension in the extended
client hello when not set to the default value of 16384. If the server
agrees to the smaller fragment size, both sides of the secure session will
immediately start fragmenting the data to that size. The typical System
SSL application should not change this setting. Note: This attribute is not
applicable to System SSL server sessions as they always support all valid
sizes for this extension. Valid values are 512, 1024, 2048, 4096, and
16384.
GSK_TLS_CBCPROTECTION_METHOD (329) -
Sets an optional SSL Version 3 or TLS Version 1.0 CBC IV Protection method.
numValue must specify one of the following:
GSK_TLS_CBCPROTECTION_METHOD_NONE (0) - No method is employed.
GSK_TLS_CBCPROTECTION_METHOD_ZEROBYTEFRAGMENT (1) - A zero byte fragment is prepended to each data record sent.
GSK_TLS_CBCPROTECTION_METHOD_ONEBYTEFRAGMENT (2) - The data record is sent in multiple records with the first record containing one byte.
GSK_TLS_CBCPROTECTION_METHOD_DELAYEDONEBYTEFRAGMENT (3) - The first write operation is unaffected. After the first write operation, the data record is sent in multiple records with the first record containing one byte.
numValue (Output)
A pointer to an integer containing the value of the requested
information.
Authorities
No authorization is required.
Return Value
gsk_attribute_get_numeric_value() returns an integer.
Possible values are:
[GSK_OK]
gsk_attribute_get_numeric_value() was successful.
[GSK_ATTRIBUTE_INVALID_ID]
The specified numID was not valid.
[GSK_INVALID_HANDLE]
The handle specified was not valid.
[GSK_OS400_ERROR_INVALID_POINTER]
The numValue pointer is not valid.
[GSK_ERROR_UNSUPPORTED]
The numID is currently not supported.
[GSK_ERROR_IO]
An error occurred in SSL processing. Check the errno value.
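Added example (not part of the original IBM documentation): a configuration audit that queries the numeric attributes described above through a getter shaped like gsk_attribute_get_numeric_value(), checks every return code, and flags a missing CBC IV protection method, an unbounded handshake wait, and an OCSP time-out longer than the handshake time-out. The attribute IDs are the values listed on this page; num_getter, audit_env, the F_* flags and the fake_env stand-in are hypothetical names, and GSK_OK being 0 and a handshake time-out of 0 meaning "wait forever" are assumptions.

```c
#include <stdio.h>
/* IDs and values copied from this page; on IBM i they come from <gskssl.h>. */
enum { GSK_OCSP_TIMEOUT = 318, GSK_TLS_CBCPROTECTION_METHOD = 329,
       GSK_HANDSHAKE_TIMEOUT = 6998, GSK_TLS_CBCPROTECTION_METHOD_NONE = 0 };
#define GSK_OK 0 /* assumption: the success return code is 0 */
/* Hypothetical adapter with the shape of gsk_attribute_get_numeric_value(). */
typedef int (*num_getter)(void *handle, int numID, int *numValue);

enum { F_READ_FAILED = 1,         /* a query did not return GSK_OK */
       F_NO_CBC_PROTECTION = 2,   /* CBC IV protection method is NONE */
       F_HANDSHAKE_UNBOUNDED = 4, /* handshake waits forever */
       F_OCSP_EXCEEDS_HS = 8 };   /* OCSP wait is longer than handshake wait */

/* Query one attribute; record a failure instead of trusting *out. */
static int read_num(num_getter get, void *h, int id, int *out, unsigned *f) {
    if (get(h, id, out) == GSK_OK) return 1;
    *f |= F_READ_FAILED;
    return 0;
}

unsigned audit_env(num_getter get, void *env) {
    unsigned f = 0;
    int cbc = 0, hs = 0, ocsp = 0;
    if (read_num(get, env, GSK_TLS_CBCPROTECTION_METHOD, &cbc, &f) &&
        cbc == GSK_TLS_CBCPROTECTION_METHOD_NONE) f |= F_NO_CBC_PROTECTION;
    if (read_num(get, env, GSK_HANDSHAKE_TIMEOUT, &hs, &f)) {
        /* Assumption: 0 is the "wait forever" default the page mentions. */
        if (hs == 0) f |= F_HANDSHAKE_UNBOUNDED;
        else if (read_num(get, env, GSK_OCSP_TIMEOUT, &ocsp, &f) && ocsp > hs)
            f |= F_OCSP_EXCEEDS_HS;
    }
    return f;
}

/* Constructed stand-in environment; a negative field simulates a failed query. */
struct fake_env { int cbc, hs, ocsp; };
static int fake_get(void *h, int id, int *v) {
    struct fake_env *e = h;
    int x = id == GSK_TLS_CBCPROTECTION_METHOD ? e->cbc :
            id == GSK_HANDSHAKE_TIMEOUT ? e->hs :
            id == GSK_OCSP_TIMEOUT ? e->ocsp : -1;
    if (x < 0) return -1; /* constructed error code, not a real GSK_* value */
    *v = x; return GSK_OK;
}
unsigned audit_sample(int cbc, int hs, int ocsp) {
    struct fake_env e = { cbc, hs, ocsp };
    return audit_env(fake_get, &e);
}
int main(void) { printf("findings: 0x%x\n", audit_sample(0, 30, 60)); return 0; }
```

On IBM i, include gskssl.h in place of the local enum and pass a thin wrapper around gsk_attribute_get_numeric_value() as the getter.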
Error Conditions
When the gsk_attribute_get_numeric_value() API fails with
return code [GSK_ERROR_IO], errno can be set to: